"An extortion group calling itself "the Crimson Collective" posted on Telegram that it accessed more than 28,000 internal repos and stole hundreds of Customer Engagement Reports (CERs) in messages seen by The Register. These consultancy documents typically contain architecture diagrams, configuration details, authentication tokens, and network maps - effectively a blueprint of a customer's IT environment. The attackers have published file listings and shared samples of the supposed loot."
"At the time of writing, Red Hat has not responded to questions about whether it has suffered a breach, how attackers may have gained access, or whether it has received any demands from the hackers, who claim to have contacted Red Hat with an extortion demand to receive only a generic "submit a vulnerability report" style response. It is not known if Red Hat has notified customers of potential data exposure."
Crimson Collective claims to have breached Red Hat's private GitHub repositories and exfiltrated about 570GB of compressed data, including hundreds of Customer Engagement Reports (CERs) spanning 2020–2025. The group alleges access to more than 28,000 internal repositories and has published file listings and samples containing configuration snippets, database connection strings, and authentication tokens. The attackers assert they used discovered tokens to compromise downstream Red Hat customers and reported warning some clients. Red Hat has not publicly confirmed a breach or answered detailed questions, and the status of customer notification and remediation remains unknown.
#red-hat-breach #github-repositories #customer-engagement-reports-cers #authentication-tokens #extortion
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]